A Ransomware Gang Preparing for the Post-Quantum Future
A newly identified ransomware operation has introduced something the threat intelligence community has anticipated but not yet encountered in the wild: post-quantum cryptography embedded in ransomware encryption. The group, operating under the name Kyber, is targeting Windows systems and VMware ESXi hypervisors — with at least one variant deploying Kyber1024, the highest security level of the ML-KEM (CRYSTALS-Kyber) key encapsulation mechanism standardized by NIST in 2024.
The implication is significant: law enforcement agencies have occasionally decrypted ransomware-encrypted files by seizing C2 servers and recovering encryption keys. Post-quantum key encapsulation using Kyber1024 makes that recovery path substantially harder, even if the C2 infrastructure is seized years from now.
What Is Kyber1024?
CRYSTALS-Kyber (now standardized as ML-KEM under FIPS 203) is a post-quantum key encapsulation mechanism based on the hardness of problems related to module lattices. The "1024" variant provides the highest security level:
| Variant | Security Level | Equivalent Classical Security |
|---|---|---|
| Kyber512 | Level 1 | ~AES-128 |
| Kyber768 | Level 3 | ~AES-192 |
| Kyber1024 | Level 5 | ~AES-256 |
NIST standardized Kyber as part of its post-quantum cryptography standardization project specifically because classical computers cannot efficiently break it — and quantum computers, if they become cryptographically relevant, would still face extreme difficulty against Kyber1024.
In conventional ransomware:
- A symmetric key (e.g., AES-256) encrypts files
- The symmetric key is wrapped with the attacker's RSA or elliptic-curve public key
- Law enforcement seizing C2 servers can recover the private key needed to unwrap victim symmetric keys
With Kyber1024:
- The symmetric key is wrapped with a post-quantum KEM public key
- Even if investigators recover the C2 infrastructure years from now, and even if quantum computers become practical, recovering the wrapped key remains computationally infeasible at Kyber1024's security level
Targets: Windows and VMware ESXi
The Kyber ransomware group follows the now-standard dual-target approach used by many ransomware-as-a-service (RaaS) operations:
Windows Encryptor
The Windows variant targets:
- Workstations and servers running Windows 10/11 and Windows Server editions
- Network shares mapped to the victim host
- Shadow copies (VSS) — deleted prior to encryption to prevent recovery
- Backup software agent data directories
VMware ESXi Encryptor
The ESXi variant follows patterns established by groups like ALPHV/BlackCat, LockBit, and Payouts King:
- Targets virtual machine disk files (.vmdk, .vmx, .vmem, .vswp, .vmsn)
- Shuts down running VMs before encrypting to ensure a consistent lock on the disk files
- Executes directly on the ESXi host via SSH or exploited management access
ESXi targeting is attractive to ransomware operators because a single hypervisor may host dozens of virtual machines — encrypting one host effectively takes down an entire server rack's worth of infrastructure.
Infection and Lateral Movement
While Kyber's initial access vector has not been fully confirmed across all observed incidents, the group's tactics align with established enterprise ransomware patterns:
| Stage | Technique |
|---|---|
| Initial access | Exploited VPN/remote access vulnerabilities, phishing, or purchased access |
| Privilege escalation | Local exploits or credential theft |
| Lateral movement | SMB, RDP, PsExec, or ESXi SSH access |
| Defense evasion | EDR bypass techniques, safe mode reboot on Windows |
| Pre-encryption | VSS deletion, backup disruption, data exfiltration for double extortion |
| Encryption | Kyber1024 key encapsulation + AES/ChaCha20 file encryption |
| Ransom note | Dropped in encrypted directories |
The group operates a double-extortion model: files are encrypted and data is exfiltrated prior to encryption, with the threat of public leaking used as additional leverage.
Why This Matters: The Post-Quantum Ransomware Threat Model
The incorporation of Kyber1024 into ransomware is more than a technical curiosity — it represents a strategic hedge by threat actors against potential future decryption of seized keys.
Law Enforcement Decryption Operations
Several high-profile ransomware decryptions have provided victims with free recovery:
- ALPHV/BlackCat — FBI obtained decryption keys for ~500 victims
- Hive Ransomware — FBI infiltrated the operation for months, obtaining decryption keys
- Ragnar Locker — Europol seizure provided key recovery for some victims
These operations relied on one common thread: recovering classical RSA or ECC private keys from seized C2 infrastructure. Post-quantum key encapsulation fundamentally changes this dynamic:
| Scenario | Classical RSA/ECC | Kyber1024 |
|---|---|---|
| C2 seized, private key recovered | Victim files recoverable | Key recovery still possible |
| C2 seized years later, quantum computer available | Victim files potentially recoverable | Kyber1024 resistant to quantum attack |
| C2 never seized | No recovery | No recovery |
The Kyber group's use of Kyber1024 is a proactive defense against the FBI/Europol playbook of post-takedown victim decryption.
Detection and Response
Indicators of Compromise
Organizations should watch for:
File system:
- Files with new extensions appended (.[KYBER], .[LOCKED], or group-specific)
- Ransom note files dropped in directories (README.txt, RESTORE-FILES.html)
- VSS (Volume Shadow Copy) deletion events
- Bulk file rename/modification events
Process activity:
- vssadmin.exe delete shadows /all /quiet
- wbadmin.exe delete catalog -quiet
- bcdedit.exe /set {default} recoveryenabled No
- PowerShell encoded commands with -enc parameter
Network:
- Outbound connections to .onion addresses or unknown TOR exit nodes
- Large volume data exfiltration prior to encryption phase
- ESXi SSH connections from unexpected management IPs
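The indicator list above can be turned into a first-pass sweep over endpoint and network telemetry. The following is an added example, not code from the original article or from any EDR vendor: it runs the file-system, process-activity and network indicators over constructed sample events. The event dicts loosely follow Sysmon/EDR process-creation, file and connection records, and the field names, the bulk-rename threshold and window, and the ESXi SSH allow-list are all assumptions for the example.

```python
"""Indicator sweep over sample endpoint telemetry (added example; constructed data)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Process-activity indicators from the article, matched against the full command line.
PROCESS_INDICATORS = {
    "vss_delete": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows\b.*/all", re.I),
    "wbadmin_catalog_delete": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    "bcdedit_recovery_off": re.compile(r"bcdedit(\.exe)?\s.*recoveryenabled\s+no\b", re.I),
    "powershell_encoded": re.compile(r"powershell.*\s-(enc|encodedcommand)\b", re.I),
}
# Appended extensions and note names from the article, lower-cased for comparison.
RANSOM_EXTENSIONS = (".[kyber]", ".[locked]")
RANSOM_NOTE_NAMES = {"readme.txt", "restore-files.html"}
# Bulk-rename rule: this many renames to a ransom extension on one host inside the
# window is treated as an encryption run. Assumed tuning values, not vendor defaults.
BULK_RENAME_THRESHOLD = 5
BULK_RENAME_WINDOW = timedelta(minutes=2)
# Management hosts permitted to open SSH to ESXi (assumed allow-list for this example).
ALLOWED_ESXI_SSH_SOURCES = {"10.0.5.10", "10.0.5.11"}


def _basename(path):
    """Last path component for Windows or POSIX separators, lower-cased."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def scan_process_events(events):
    """Yield (host, indicator) for process events whose command line matches an indicator."""
    for e in events:
        if e["type"] != "process":
            continue
        for name, rx in PROCESS_INDICATORS.items():
            if rx.search(e["cmdline"]):
                yield e["host"], name


def scan_file_events(events):
    """Yield (host, indicator) for ransom-note drops and bulk renames to ransom extensions."""
    windows = defaultdict(list)  # host -> timestamps of recent suspicious renames
    flagged = set()
    for e in sorted((x for x in events if x["type"] == "file"), key=lambda x: x["ts"]):
        name = _basename(e["path"])
        if name in RANSOM_NOTE_NAMES and (e["host"], "ransom_note") not in flagged:
            flagged.add((e["host"], "ransom_note"))
            yield e["host"], "ransom_note"
        if e["action"] == "rename" and name.endswith(RANSOM_EXTENSIONS):
            ts = datetime.fromisoformat(e["ts"])
            win = windows[e["host"]]
            win.append(ts)
            while ts - win[0] > BULK_RENAME_WINDOW:  # drop renames outside the window
                win.pop(0)
            if len(win) >= BULK_RENAME_THRESHOLD and (e["host"], "bulk_rename") not in flagged:
                flagged.add((e["host"], "bulk_rename"))
                yield e["host"], "bulk_rename"


def scan_network_events(events):
    """Yield (host, indicator) for .onion destinations and ESXi SSH from unlisted sources."""
    for e in events:
        if e["type"] != "network":
            continue
        if e.get("dst_name", "").endswith(".onion"):
            yield e["host"], "tor_onion"
        if (e.get("dst_role") == "esxi" and e.get("dst_port") == 22
                and e["src_ip"] not in ALLOWED_ESXI_SSH_SOURCES):
            yield e["dst_name"], "esxi_ssh_unexpected"


def summarize(events):
    """Map host -> sorted distinct indicators; hosts with no hits are omitted."""
    hits = defaultdict(set)
    for scanner in (scan_process_events, scan_file_events, scan_network_events):
        for host, indicator in scanner(events):
            hits[host].add(indicator)
    return {host: sorted(inds) for host, inds in hits.items()}


# Constructed sample telemetry (not real logs): ws-042 shows the pre-encryption sequence,
# srv-01 runs a benign vssadmin query, esxi-07 receives SSH from an unlisted source IP.
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws-042", "ts": "2026-04-10T02:01:00",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "host": "ws-042", "ts": "2026-04-10T02:01:05",
     "cmdline": "bcdedit.exe /set {default} recoveryenabled No"},
    {"type": "process", "host": "ws-042", "ts": "2026-04-10T02:01:07",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A"},
    {"type": "process", "host": "srv-01", "ts": "2026-04-10T02:02:00",
     "cmdline": "vssadmin.exe list shadows"},
    {"type": "file", "host": "ws-042", "ts": "2026-04-10T02:03:00", "action": "create",
     "path": "C:\\Users\\finance\\Documents\\README.txt"},
] + [
    {"type": "file", "host": "ws-042", "ts": f"2026-04-10T02:03:{10 + i:02d}",
     "action": "rename", "path": f"C:\\Shares\\finance\\report-{i}.xlsx.[KYBER]"}
    for i in range(6)
] + [
    {"type": "network", "host": "ws-042", "src_ip": "10.0.20.42",
     "dst_name": "example-leak-site.onion", "dst_port": 443, "dst_role": "external"},
    {"type": "network", "host": "jump-03", "src_ip": "10.0.88.5",
     "dst_name": "esxi-07", "dst_port": 22, "dst_role": "esxi"},
    {"type": "network", "host": "mgmt-01", "src_ip": "10.0.5.10",
     "dst_name": "esxi-07", "dst_port": 22, "dst_role": "esxi"},
]

if __name__ == "__main__":
    for host, indicators in summarize(SAMPLE_EVENTS).items():
        print(host, ", ".join(indicators))
```

Hosts that trip several indicators in a short span (here ws-042 with shadow-copy deletion, recovery disabled, an encoded PowerShell command, a note drop and a rename burst) are the ones worth isolating first; the ESXi hit is reported against the hypervisor rather than the source because that is the asset about to lose dozens of VMs.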
Defensive Priorities
- Immutable backups — the only reliable recovery path when encryption is unbreakable
- ESXi hardening — restrict SSH access, disable unnecessary management interfaces
- Network segmentation — limit lateral movement paths between endpoints and ESXi hosts
- EDR on ESXi — deploy endpoint detection on VMware hosts; many ransomware groups exploit the lack of EDR coverage on hypervisors
- MFA on VPN and RDP — prevent initial access via credential stuffing or phishing
Backup Strategy for ESXi Environments
```shell
# Snapshot before any major changes (not a backup substitute)
# Use an immutable backup target (S3 Object Lock, air-gapped tape, etc.)
# Example: Veeam to immutable S3
# Enable S3 Object Lock in WORM mode on the backup bucket
# Configure Veeam backup job with immutability period > ransomware dwell time
# Verify backups restore successfully — test quarterly
```
Broader Context: Ransomware Encryption Innovation in 2026
The Kyber group's post-quantum experiment is part of a broader pattern of ransomware operators investing in encryption sophistication:
- Payouts King (April 2026) — used QEMU virtual machines to isolate encryption from EDR detection
- Interlock (March 2026) — exploited Cisco FMC zero-day to enter networks before encrypting
- Kyber (April 2026) — incorporated post-quantum key encapsulation to resist future law enforcement decryption
As ransomware operators increasingly treat their operations as professional businesses, investment in encryption that defeats both current and anticipated future recovery methods is a logical evolution.
Key Takeaways
- Post-quantum ransomware is now real — Kyber1024 deployment confirms threat actors are planning for long-term encrypted file persistence
- Immutable backups are non-negotiable — no decryption backdoor exists for Kyber1024; backup is the only recovery path
- ESXi remains a high-value target — deploy monitoring and restrict management access on hypervisors
- Law enforcement decryption operations may become less effective — PQC-encrypted ransomware files seized by investigators may be unrecoverable years from now
- Prepare for PQC in threat modeling — organizations should include post-quantum ransomware scenarios in tabletop exercises